[25495] in Perl-Users-Digest
Perl-Users Digest, Issue: 7739 Volume: 10
daemon@ATHENA.MIT.EDU (Perl-Users Digest)
Sat Feb 5 00:05:29 2005
Date: Fri, 4 Feb 2005 21:05:13 -0800 (PST)
From: Perl-Users Digest <Perl-Users-Request@ruby.OCE.ORST.EDU>
To: Perl-Users@ruby.OCE.ORST.EDU (Perl-Users Digest)
Perl-Users Digest Fri, 4 Feb 2005 Volume: 10 Number: 7739
Today's topics:
Re: a very bad question (and getting OT) <flavell@ph.gla.ac.uk>
Re: a very bad question (and getting OT) <wyzelli@yahoo.com>
Re: a very bad question (and getting OT) <flavell@ph.gla.ac.uk>
Re: a very bad question (and getting OT) <lv@aol.com>
Re: a very bad question (and getting OT) <spamtrap@dot-app.org>
Re: a very bad question (and getting OT) <lv@aol.com>
Re: Can't get perl to find .pm in my own private direct <noeltd@hotmail.com>
Re: Can't get perl to find .pm in my own private direct <1usa@llenroc.ude.invalid>
Re: Can't use an undefined value as a HASH reference <No_4@dsl.pipex.com>
Re: Can't use an undefined value as a HASH reference <nospam@sbcglobal.net>
Re: Can't use an undefined value as a HASH reference <No_4@dsl.pipex.com>
Re: Extracting .jpg from mbox file with MIME::Base64 <sshears@theWorld.com>
Re: OT [Fwd: Fwd: symptoms of a stroke] <antbyte.The.Flow@gmail.com>
Re: OT [Fwd: Fwd: symptoms of a stroke] <spamtrap@dot-app.org>
Re: OT [Fwd: Fwd: symptoms of a stroke] <1usa@llenroc.ude.invalid>
Re: OT [Fwd: Fwd: symptoms of a stroke] <antbyte.The.Flow@gmail.com>
Re: perl style: can I combine two steps into one? <mjl69mj...@myaccmyacc.net>
perldoc perlsec question el_roachmeister@yahoo.com
Re: perldoc perlsec question xhoster@gmail.com
Re: perldoc perlsec question el_roachmeister@yahoo.com
Re: perldoc perlsec question <matternc@comcast.net>
Re: perldoc perlsec question <noreply@gunnar.cc>
Re: perldoc perlsec question <noreply@gunnar.cc>
Re: perldoc perlsec question el_roachmeister@yahoo.com
Re: perldoc perlsec question <news@chaos-net.de>
Re: Problem serving a PDF <No_4@dsl.pipex.com>
Digest Administrivia (Last modified: 6 Apr 01) (Perl-Users-Digest Admin)
----------------------------------------------------------------------
Date: Sat, 5 Feb 2005 00:57:51 +0000
From: "Alan J. Flavell" <flavell@ph.gla.ac.uk>
Subject: Re: a very bad question (and getting OT)
Message-Id: <Pine.LNX.4.61.0502050054100.9260@ppepc56.ph.gla.ac.uk>
On Fri, 4 Feb 2005 jhunterj@gmail.com wrote:
> Alan J. Flavell wrote:
>
> > A pity they don't read the Unicode standard.
>
> I have yet to find a phone that encoded its buttons at all,
We're not discussing encoding: I'm talking about reference names.
> Unicode is just a way a representing a (very large) set of characters.
...and assigning them reference names, amongst other things.
> It's not a reference manual on English (or other language) usage.
Nevertheless, the character which it defines as POUND SIGN is the
Pound Sterling currency sign. You can ignore that if you want, but
don't come whining when you find that it leads to misunderstandings.
------------------------------
Date: Sat, 05 Feb 2005 01:48:15 GMT
From: "Peter Wyzl" <wyzelli@yahoo.com>
Subject: Re: a very bad question (and getting OT)
Message-Id: <zBVMd.147900$K7.121562@news-server.bigpond.net.au>
"Alan J. Flavell" <flavell@ph.gla.ac.uk> wrote in message
news:Pine.LNX.4.61.0502041047210.8656@ppepc56.ph.gla.ac.uk...
: On Fri, 4 Feb 2005, Octo Mancer wrote:
:
: > On Fri, 04 Feb 2005 09:48:46 +0100, Arndt Jonasson wrote:
: > > and the # key is meant. What is the # key on a telephone called in
: > > Britain?
: >
: > It's always referred to as 'hash'.
:
: For some small value of "always".
In _Britain_ (and Australia) the value of always would be very large, but
not absolute. "Mostly" (except by expats) would be more accurate...
P
--
An 'absolute value of always?' hehe
print "Just another Perl Hacker";
------------------------------
Date: Sat, 5 Feb 2005 01:59:11 +0000
From: "Alan J. Flavell" <flavell@ph.gla.ac.uk>
Subject: Re: a very bad question (and getting OT)
Message-Id: <Pine.LNX.4.61.0502050151330.9402@ppepc56.ph.gla.ac.uk>
On Sat, 5 Feb 2005, Peter Wyzl wrote:
> "Alan J. Flavell" <flavell@ph.gla.ac.uk> wrote in message
> :
> : For some small value of "always".
>
> In _Britain_ (and Australia) the value of always would be very large,
I look forward to your critique of the URL that I cited.
> "Mostly" (except by expats) would be more accurate...
Have you got something against English ex-pats in Scotland? I may
have cited a Scottish report, but in my experience it relates just as
well to my homeland: twice as many respondents called it "square" as
called it "hash".
About Australia I claim no knowledge.
------------------------------
Date: Fri, 04 Feb 2005 20:18:44 -0600
From: l v <lv@aol.com>
Subject: Re: a very bad question (and getting OT)
Message-Id: <42042d88$1_1@127.0.0.1>
Alan J. Flavell wrote:
> [snip] they often tell the user to "press the
> star button", instead.
You mean the asterisk? :)
Len
----== Posted via Newsfeeds.Com - Unlimited-Uncensored-Secure Usenet News==----
http://www.newsfeeds.com The #1 Newsgroup Service in the World! 120,000+ Newsgroups
----= East and West-Coast Server Farms - Total Privacy via Encryption =----
------------------------------
Date: Fri, 04 Feb 2005 21:23:59 -0500
From: Sherm Pendley <spamtrap@dot-app.org>
Subject: Re: a very bad question (and getting OT)
Message-Id: <co-dnYsZnuCis5nfRVn-iw@adelphia.com>
l v wrote:
> Alan J. Flavell wrote:
>> [snip] they often tell the user to "press the
>> star button", instead.
>
> You mean the asterisk? :)
No, no - he means the splat. :-)
sherm--
--
Cocoa programming in Perl: http://camelbones.sourceforge.net
Hire me! My resume: http://www.dot-app.org
------------------------------
Date: Fri, 04 Feb 2005 20:24:49 -0600
From: l v <lv@aol.com>
Subject: Re: a very bad question (and getting OT)
Message-Id: <42042ef6$1_1@127.0.0.1>
jhunterj@gmail.com wrote:
> I have yet to find a phone that encoded its buttons at all, let alone
> with the Unicode standard. :-)
>
Wait until they start making java enabled phones .... I look forward to
the nightly reboots. Can I use Perl for that?
Len
----== Posted via Newsfeeds.Com - Unlimited-Uncensored-Secure Usenet News==----
http://www.newsfeeds.com The #1 Newsgroup Service in the World! 120,000+ Newsgroups
----= East and West-Coast Server Farms - Total Privacy via Encryption =----
------------------------------
Date: Fri, 04 Feb 2005 23:50:23 GMT
From: "Atlantis" <noeltd@hotmail.com>
Subject: Re: Can't get perl to find .pm in my own private directory
Message-Id: <3TTMd.381$E41.259@newsfe5-gui.ntli.net>
"m_p_v_13" <m_p_v_13@yahoo.com> wrote in message
news:1107554781.556485.186710@f14g2000cwb.googlegroups.com...
> How do I add to the search paths for .pm modules in my local
> environment?
>
> I am running on AIX with perl5 (revision 5.0 version 6 subversion 0)
> I have some perl programs and .pm modules installed in my own private
> directories (not in /usr/opt/perl5/....). I have one perl program
> calling a second perl program which requires the private modules. I
> don't want to change the code in either of these programs, but want the
> private modules found.
>
> Useing the perl -I<path> option on starting the first doesent seem to
> pass this environment to the second perl program.
>
> I tried setting PERL5PATH, PERLPATH, PERL5LIB, PERLLIB without success.
> The documentation seems to indicate that one of these should work.
>
> Putting the modules in ./ does work (./ is in @INC) but I wanted to
> locate the modules in a different place.
>
> *** I just tried one more thing, before sending this post, and it seems
> to work so far. Setting PERL5OPT=-I<myprivatepath> does seem to work!
>
> Is this the best I can do. Any gotchas.
>
> Thanks in advance,
> Michael
>
At the top of your script you can also says...
use lib "/pathtoyourmodule/yourmodule";
... or...
BEGIN{unshift(@INC, "/pathtoyourmodule/yourmodule");};
------------------------------
Date: Sat, 05 Feb 2005 00:14:09 GMT
From: "A. Sinan Unur" <1usa@llenroc.ude.invalid>
Subject: Re: Can't get perl to find .pm in my own private directory
Message-Id: <Xns95F3C3B69AFBEasu1cornelledu@127.0.0.1>
"m_p_v_13" <m_p_v_13@yahoo.com> wrote in news:1107554781.556485.186710
@f14g2000cwb.googlegroups.com:
> How do I add to the search paths for .pm modules in my local
> environment?
>
> I am running on AIX with perl5 (revision 5.0 version 6 subversion 0)
> I have some perl programs and .pm modules installed in my own private
> directories (not in /usr/opt/perl5/....). I have one perl program
> calling a second perl program which requires the private modules. I
> don't want to change the code in either of these programs, but want
> the private modules found.
Clearly, one crucial bit of information is missing: What is the private
directory?
If I have a private module, say My::Module, I can place it in
/home/sinan/perl/lib/My/Module.pm
Then, if I want my scripts to be able to say
use My::Module;
I would set
PERL5LIB=/home/sinan/perl/lib
Does that sound similar to what you have done?
Sinan.
------------------------------
Date: Sat, 05 Feb 2005 01:15:43 +0000
From: Big and Blue <No_4@dsl.pipex.com>
Subject: Re: Can't use an undefined value as a HASH reference
Message-Id: <O-SdnWotVYTcg5nfRVnyrQ@pipex.net>
Josh McAdams wrote:
>>>
>> This second example, with the strict pragma turned on causes and error
>> message "Can't use an undefined value as a HASH reference"
>>....
> Oops, the second code block really was broken, try this instead:
>
> <code type="broken">
> perl -MData::Dumper -Mstrict -e 'print join "\n", keys %{eval(`perl
> -MData::Dumper -e "print Dumper(\\\%h)"`)}'
> </code>
Well, %h isn't defined. Not sure why you expect Perl to somehow ignore
this fact when you tell it to trap such things. You're trying to have your
cake and eat it.
--
Just because I've written it doesn't mean that
either you or I have to believe it.
------------------------------
Date: Sat, 05 Feb 2005 02:45:13 GMT
From: Josh McAdams <nospam@sbcglobal.net>
Subject: Re: Can't use an undefined value as a HASH reference
Message-Id: <42043338.9060408@sbcglobal.net>
Big and Blue wrote:
> Josh McAdams wrote:
>
>>>>
>>> This second example, with the strict pragma turned on causes and
>>> error message "Can't use an undefined value as a HASH reference"
>>> ....
>>
>> Oops, the second code block really was broken, try this instead:
>>
>> <code type="broken">
>> perl -MData::Dumper -Mstrict -e 'print join "\n", keys %{eval(`perl
>> -MData::Dumper -e "print Dumper(\\\%h)"`)}'
>> </code>
>
>
> Well, %h isn't defined. Not sure why you expect Perl to somehow
> ignore this fact when you tell it to trap such things. You're trying to
> have your cake and eat it.
>
>
Poor example on my part, here is the real code:
perl -MData::Dumper -Mstrict -e 'print join "\n", keys %{eval(`perl
-MData::Dumper -e "print Dumper(\\\%ENV)"`)}'
------------------------------
Date: Sat, 05 Feb 2005 04:43:48 +0000
From: Big and Blue <No_4@dsl.pipex.com>
Subject: Re: Can't use an undefined value as a HASH reference
Message-Id: <If6dnVPEktSZ0pnfRVnyhg@pipex.net>
Josh McAdams wrote:
>
> Poor example on my part, here is the real code:
>
> perl -MData::Dumper -Mstrict -e 'print join "\n", keys %{eval(`perl
> -MData::Dumper -e "print Dumper(\\\%ENV)"`)}'
The inner perl command produces output of the form:
$VAR1 = \{k1 => v1, k2 => v2..... };
You are using the result of eval()ing that as a HASH reference, which seems
odd to me.
What do you actually wish to achieve?
--
Just because I've written it doesn't mean that
either you or I have to believe it.
------------------------------
Date: Fri, 04 Feb 2005 23:43:14 -0500
From: Sally Shears <sshears@theWorld.com>
Subject: Re: Extracting .jpg from mbox file with MIME::Base64
Message-Id: <040220052343143053%sshears@theWorld.com>
Can anyone help me with this... How to extract a .jpg file from an
attachment in a message in an mbox file?
I'm trying with MIME::Base64 but I'll take any suggestions. Thanks.
-- Sally
In article <030220052140038558%SallyShears@gmail.com>, Sally Shears
<SallyShears@gmail.com> wrote:
> I have an email message in an mbox file with a jpg attachment.
>
> I want a program I can run with cron or procmail to extract the .jpg
> attachment from the last message in the mbox. That is, to store the
> .jpg as a normal file to be served up by Apache.
>
> The attachment is encoded base64.
>
> I read the whole encoded portion of the mbox file into a character
> string and then attempt to decode it with MIME::Base64::decode($str)
>
> The result is zero length, so MIME::Bae64 must be choking on the
> content.
>
> Can anyone give me some advice?
>
> -- Sally
>
> Note: cat mbox-file is the STDIN. Output is >file.jpg
>
> #!/usr/bin/perl
>
> use MIME::Base64;
>
> $inheader=1;
> $havedata=0;
> while (<>) {
> if (/.+/) { # ..any character but line-end
> chop;
> unless ($inheader) {$encoded=$encoded.$_; $havedata=1;}
> }
> else {$inheader=0;} #discard blank line; now past hdr
> }
>
> if ($havedata) {$decoded=MIME::Base64::decode($encoded); print;}
------------------------------
Date: 4 Feb 2005 15:29:53 -0800
From: "The Flow" <antbyte.The.Flow@gmail.com>
Subject: Re: OT [Fwd: Fwd: symptoms of a stroke]
Message-Id: <1107559793.023485.62890@l41g2000cwc.googlegroups.com>
Chris Mattern wrote:
> Randal_Schwartzcopf@yahoo.com wrote:
[snip]
> > use Mail::Sendmail;
>
> use Mail::SpamAssassin;
^^^^^^^^^^^^^
>
> --
> Christopher Mattern
>
> "Which one you figure tracked us?"
> "The ugly one, sir."
> "...Could you be more specific?"
Why do you think that this is a mail that should be filtered out
through SpamAssassin? What is being rewarded to the poster for sending
out this message?
------------------------------
Date: Fri, 04 Feb 2005 21:03:54 -0500
From: Sherm Pendley <spamtrap@dot-app.org>
Subject: Re: OT [Fwd: Fwd: symptoms of a stroke]
Message-Id: <rpudnUvuULEWtJnfRVn-1Q@adelphia.com>
The Flow wrote:
> Why do you think that this is a mail that should be filtered out
> through SpamAssassin?
Duh - Because it's spam.
> What is being rewarded to the poster for sending
> out this message?
With roughly 1800 messages in my "Junk" email folder from the past two days
alone, I have neither the patience nor the inclination to debate the finer
points of what exactly constitutes "spam".
Chain letters, Nigerian scams, viruses, worms, trojans, religious sermons,
penis pills, and mail-order brides - so far as I'm concerned, any and all
of that bulk-emailed crap I don't want and didn't ask for is spam, period.
sherm--
--
Cocoa programming in Perl: http://camelbones.sourceforge.net
Hire me! My resume: http://www.dot-app.org
------------------------------
Date: Sat, 05 Feb 2005 02:28:43 GMT
From: "A. Sinan Unur" <1usa@llenroc.ude.invalid>
Subject: Re: OT [Fwd: Fwd: symptoms of a stroke]
Message-Id: <Xns95F3DA8898779asu1cornelledu@127.0.0.1>
"The Flow" <antbyte.The.Flow@gmail.com> wrote in
news:1107559793.023485.62890@l41g2000cwc.googlegroups.com:
>
> Chris Mattern wrote:
>> Randal_Schwartzcopf@yahoo.com wrote:
> [snip]
>> > use Mail::Sendmail;
>>
>> use Mail::SpamAssassin;
^^^^^^^^^^^^^
...
> Why do you think that this is a mail that should be filtered out
> through SpamAssassin? What is being rewarded to the poster for
sending
> out this message?
The original message contained:
->
-> BE A FRIEND AND SHARE THIS ARTICLE WITH AS MANY FRIENDS AS POSSIBLE.
-> It could save their lives!
->
That makes it a chain-letter. Chain-letters constitute a form of
unsolicited email and most networks ban them.
The ... who posted this had the audacity of including this comment:
-> * After "extensive" research, I noticed
-> * that yyusenet@yahoo.com received 12
-> * spam e-mail messages after just two
-> * posts on usenet groups. If you want
-> * to email me, use the "encrypted"
-> * email address at the beggining of my
-> * signature.
I did not want to even dignify this with a nice *PLONK* but now that it
seems you have decided to come to his defense I thought I would point
out why yyusenet has been hanging out with Xah in my relatively empty
killfile.
Sinan
------------------------------
Date: 4 Feb 2005 19:13:29 -0800
From: "The Flow" <antbyte.The.Flow@gmail.com>
Subject: Re: OT [Fwd: Fwd: symptoms of a stroke]
Message-Id: <1107573209.632831.116360@g14g2000cwa.googlegroups.com>
A. Sinan Unur wrote:
> "The Flow" <antbyte.The.Flow@gmail.com> wrote in
> news:1107559793.023485.62890@l41g2000cwc.googlegroups.com:
>
> >
> > Chris Mattern wrote:
> >> Randal_Schwartzcopf@yahoo.com wrote:
> > [snip]
> >> > use Mail::Sendmail;
> >>
> >> use Mail::SpamAssassin;
> ^^^^^^^^^^^^^
> ...
>
> > Why do you think that this is a mail that should be filtered out
> > through SpamAssassin? What is being rewarded to the poster for
> sending
> > out this message?
>
> The original message contained:
>
> ->
> -> BE A FRIEND AND SHARE THIS ARTICLE WITH AS MANY FRIENDS AS
POSSIBLE.
> -> It could save their lives!
> ->
>
> That makes it a chain-letter. Chain-letters constitute a form of
> unsolicited email and most networks ban them.
>
> The ... who posted this had the audacity of including this comment:
>
> -> * After "extensive" research, I noticed
> -> * that yyusenet@yahoo.com received 12
> -> * spam e-mail messages after just two
> -> * posts on usenet groups. If you want
> -> * to email me, use the "encrypted"
> -> * email address at the beggining of my
> -> * signature.
>
> I did not want to even dignify this with a nice *PLONK* but now that
it
> seems you have decided to come to his defense I thought I would point
> out why yyusenet has been hanging out with Xah in my relatively empty
> killfile.
>
> Sinan
Sorry, I can understand now why this is spam.
------------------------------
Date: 5 Feb 2005 01:01:54 GMT
From: mjl69 <mjl69mj...@myaccmyacc.net>
Subject: Re: perl style: can I combine two steps into one?
Message-Id: <36ik82F5302nbU1@individual.net>
> mjl69 wrote:
>
> [ snip ]
>
> my @report =
>
> map { [ $_->[ 1 ], $_->[ 0 ] ] }
> sort { $b->[ 0 ] <=> $a->[ 0 ] }
> map { [ $hack_count{ $_ }, $_ ] }
> keys %hack_count;
>
> Amazing how things can become more readable by careful reformating :-D
I was just looking for a place to use the Schwartzian Transform. It is kind of a stretch. He did not really need the elements of the anonymous array reversed at the end (the beginning).
mjl
>
> --
> John Small Perl scripts: http://johnbokma.com/perl/
> Perl programmer available: http://castleamber.com/
> Happy Customers: http://castleamber.com/testimonials.html
>
>
------------------------------
Date: 4 Feb 2005 16:17:34 -0800
From: el_roachmeister@yahoo.com
Subject: perldoc perlsec question
Message-Id: <1107562654.363350.71570@z14g2000cwz.googlegroups.com>
Why does perlsec recommend setting scripts to chmod 755 ? Why would I
want anyone other than the user having read access to my scripts? I use
711 for all scripts. Is that wrong?
Thanks!
------------------------------
Date: 05 Feb 2005 00:29:11 GMT
From: xhoster@gmail.com
Subject: Re: perldoc perlsec question
Message-Id: <20050204192911.630$5g@newsreader.com>
el_roachmeister@yahoo.com wrote:
> Why does perlsec recommend setting scripts to chmod 755 ? Why would I
> want anyone other than the user having read access to my scripts?
Why not? We can't read your mind.
> I use
> 711 for all scripts. Is that wrong?
Well, it is pointless. If you want to be antisocial, just
go with 700.
Xho
--
-------------------- http://NewsReader.Com/ --------------------
Usenet Newsgroup Service $9.95/Month 30GB
------------------------------
Date: 4 Feb 2005 16:44:35 -0800
From: el_roachmeister@yahoo.com
Subject: Re: perldoc perlsec question
Message-Id: <1107564275.810926.3470@l41g2000cwc.googlegroups.com>
i forgot to mention, 711 would be for my cgi scripts. I would not want
visitors reading my source code. I assume most people use perl for cgi
so setting scripts to 755 is a huge security loophole, no?
------------------------------
Date: Fri, 04 Feb 2005 19:44:57 -0500
From: Chris Mattern <matternc@comcast.net>
Subject: Re: perldoc perlsec question
Message-Id: <d4GdnVM1uNSXipnfRVn-tQ@comcast.com>
el_roachmeister@yahoo.com wrote:
> Why does perlsec recommend setting scripts to chmod 755 ? Why would I
> want anyone other than the user having read access to my scripts? I use
> 711 for all scripts. Is that wrong?
>
Well, it's pointless. Perl scripts, not being native binaries, must
be read by the perl interpreter to be executed. So giving them execute
permission without read permission is no different from not giving them
any permission at all. If you want to restrict access to yourself, you
can go with 700. But if you want other people to run the script, they
must have read and execute permission (in fact, all they really need is
read permission, since they can then run it by saying
"perl /path/to/scriptname").
--
Christopher Mattern
"Which one you figure tracked us?"
"The ugly one, sir."
"...Could you be more specific?"
------------------------------
Date: Sat, 05 Feb 2005 01:40:06 +0100
From: Gunnar Hjalmarsson <noreply@gunnar.cc>
Subject: Re: perldoc perlsec question
Message-Id: <36ijhrF53rv2fU1@individual.net>
el_roachmeister@yahoo.com wrote:
> Why does perlsec recommend setting scripts to chmod 755 ? Why would I
> want anyone other than the user having read access to my scripts? I use
> 711 for all scripts. Is that wrong?
If the server lets you execute them without the read bit, it cannot
reasonably be wrong. Many servers require 755, though.
--
Gunnar Hjalmarsson
Email: http://www.gunnar.cc/cgi-bin/contact.pl
------------------------------
Date: Sat, 05 Feb 2005 01:59:23 +0100
From: Gunnar Hjalmarsson <noreply@gunnar.cc>
Subject: Re: perldoc perlsec question
Message-Id: <36ikmaF52v6p7U1@individual.net>
el_roachmeister@yahoo.com wrote:
> i forgot to mention, 711 would be for my cgi scripts.
Maybe, if that works for you, do you possibly have e.g. suEXEC or
cgiwrap, so that CGI scripts are run as you? In that case, you can
probably set permission 700 as well.
> I would not want visitors reading my source code. I assume most people use perl for cgi
> so setting scripts to 755 is a huge security loophole, no?
If you are talking about people who navigate your site via the web: No.
Provided that the web server has been sensibly configured, they can
still not read the source. But it may be true as regards other users in
a shared environment.
--
Gunnar Hjalmarsson
Email: http://www.gunnar.cc/cgi-bin/contact.pl
------------------------------
Date: 4 Feb 2005 17:31:45 -0800
From: el_roachmeister@yahoo.com
Subject: Re: perldoc perlsec question
Message-Id: <1107567105.749825.102160@c13g2000cwb.googlegroups.com>
thanks for the info. i think my web server was "unsensibly" configured
as people could read my perl source code for cgi-bins in my subdomains.
If I had a script like this:
subdomain.domain.com/cgi-bin/script.pl
it would execute fine. But if the user typed:
www.domain.com/subdomain/cgi-bin/script.pl
then it would just reveal all the plain text source code! I was shocked
to see that which is why I am now paranoid about chmod I do on all my
scripts :-(
------------------------------
Date: Sat, 5 Feb 2005 04:25:15 +0100
From: Martin Kissner <news@chaos-net.de>
Subject: Re: perldoc perlsec question
Message-Id: <slrnd08f4r.ckn.news@maki.homeunix.net>
el_roachmeister@yahoo.com wrote :
> thanks for the info. i think my web server was "unsensibly" configured
> as people could read my perl source code for cgi-bins in my subdomains.
> If I had a script like this:
>
> subdomain.domain.com/cgi-bin/script.pl
>
> it would execute fine. But if the user typed:
>
> www.domain.com/subdomain/cgi-bin/script.pl
>
> then it would just reveal all the plain text source code! I was shocked
> to see that which is why I am now paranoid about chmod I do on all my
> scripts :-(
If this happens IMHO the webserver is not configured safely.
Directories which contain cgi scripts should not be world readable at
all.
The DocumentRoot of the subdomain shouldn't be within the domain's
Documentroot.
If it is not avoidable www.domain.com/subdomain/cgi-bin/ should get a
ScriptAlias directive within the subdomain and the domain.
Regards
Martin
--
perl -e 'print 7.74.117.115.116.11.32.13.97.110.111.116.104.101.114.11
.32.13.112.101.114.108.11.32.13.104.97.99.107.101.114.10.7'
------------------------------
Date: Sat, 05 Feb 2005 01:18:11 +0000
From: Big and Blue <No_4@dsl.pipex.com>
Subject: Re: Problem serving a PDF
Message-Id: <O-SdnWUtVYRJg5nfRVnyrQ@pipex.net>
Rene Schickbauer wrote:
>>
>>#!c:/Perl/bin/Perl.exe
>>
>>print "Cache-control: no-cache\n";
>
> ^^^^^^^^^^^^^^^^^^^^^
>
> This does NOT work very well with IE
A common problem...
> The reason seems to be that IE downloads the file, deletes it from the Cache
> and simultaniously calls Acroread.
Sounds similar to a view I reached recently over similar things.
Basically, IE has several bugs like this which make it unreliable.
--
Just because I've written it doesn't mean that
either you or I have to believe it.
------------------------------
Date: 6 Apr 2001 21:33:47 GMT (Last modified)
From: Perl-Users-Request@ruby.oce.orst.edu (Perl-Users-Digest Admin)
Subject: Digest Administrivia (Last modified: 6 Apr 01)
Message-Id: <null>
Administrivia:
#The Perl-Users Digest is a retransmission of the USENET newsgroup
#comp.lang.perl.misc. For subscription or unsubscription requests, send
#the single line:
#
# subscribe perl-users
#or:
# unsubscribe perl-users
#
#to almanac@ruby.oce.orst.edu.
NOTE: due to the current flood of worm email banging on ruby, the smtp
server on ruby has been shut off until further notice.
To submit articles to comp.lang.perl.announce, send your article to
clpa@perl.com.
#To request back copies (available for a week or so), send your request
#to almanac@ruby.oce.orst.edu with the command "send perl-users x.y",
#where x is the volume number and y is the issue number.
#For other requests pertaining to the digest, send mail to
#perl-users-request@ruby.oce.orst.edu. Do not waste your time or mine
#sending perl questions to the -request address, I don't have time to
#answer them even if I did know the answer.
------------------------------
End of Perl-Users Digest V10 Issue 7739
***************************************
